Cybersecurity analyst who reads CVEs before breakfast. Emma has spent 6 years building detection rules, responding to incidents, and explaining to management why patching matters.
A Missed Event Log Cost a Client Their Domain Admin
Last year, a mid-size logistics company we manage came to us after discovering that a domain admin account had been…

A Base64 String Is Not a Security Strategy
Last year we were brought in to assess a mid-sized fintech company’s Kubernetes environment after a failed compliance audit. Their security team…

A Backdoor Hiding in Plain Sight
During a quarterly security review for a client running a 200-seat Windows environment, we found a DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls that had been…

A Plaintext Password That Cost a Client $200K
Last year we inherited a managed environment from another vendor—a mid-size logistics company running 40+ scheduled PowerShell scripts across their domain controllers…

When Unencrypted East-West Traffic Becomes the Attacker’s Highway
We were brought in after a healthcare provider’s internal audit flagged something alarming: a credential-harvesting tool had been sitting quietly on a…
A financial services client we took on last year had been running IPsec between their domain controllers and application servers for three years. Solid concept. The execution was a different…
Most Windows Servers Are One Misconfiguration Away From a Breach
We inherited an environment last year where the client had been running Windows Server 2019 domain controllers with NTLMv1 still…

The Deployment That Shouldn’t Have Gone Live
During an incident response engagement last year, we pulled the deployment logs for a mid-sized financial services company and found something that should…
A financial services firm we work with had a problem they didn’t know they had. Their perimeter firewall was clean. Antivirus showed no alerts. The SOC hadn’t received a priority…
Three weeks into a ransomware investigation at a mid-size logistics firm, the IR team handed me what they called a “forensic copy” of the infected server. It had been rebooted…